Subject: Re: problems with route-firewall
To: jandemore <jdomingo@acidh.org>
From: Steve Woodford <scw@wasabisystems.com>
List: tech-net
Date: 07/31/2002 13:04:34
On Tue, 30 Jul 2002, jandemore wrote:

> We have a firewall running in NetBSD with 4 ethernet cards.
> The first one (with the ip 200.200.1.150) is connected to the Adsl router (with
> ip 200.200.1.1)
> The second one (10.1.1.1) to a lan (10.1.0.0)
> The third one (10.2.1.1) to a lan (10.2.0.0)
> The second one (10.3.1.1) to a lan (10.3.0.0)

Your ipnat.conf can be simplified to just three rules:

  #
  # fxp0 - (external) connection to ISP, address 200.200.1.150/32
  #
  map fxp0 10.0.0.0/8 -> 200.200.1.150/32 proxy port ftp ftp/tcp
  map fxp0 10.0.0.0/8 -> 200.200.1.150/32 portmap tcp/udp auto
  map fxp0 10.0.0.0/8 -> 200.200.1.150/32

That's all you need in order to NAT your internal address space to your
single ISP assigned address.

Replace "auto" with 20000:65000 (or whatever) if you want manual control
over the port reassignments.

Cheers, Steve

-- 

Wasabi Systems Inc. - The NetBSD Company - http://www.wasabisystems.com/
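The three-rule ipnat.conf above relies on ipnat evaluating map rules in order and using the first one that matches: the ftp proxy rule must come before the portmap rule, and the plain map rule catches whatever is left (ICMP, for example). The following is an added example, not code from the thread or from IPFilter; it is a small Python model of that first-match behaviour over the three rule forms used in the reply (proxy, portmap, plain map). Rule text, interface names and the sample packets are constructed for the example, and the parser deliberately handles only these three forms.

```python
"""Minimal model of ipnat 'map' rule matching (added example, not IPFilter code).

Models only the three rule forms used in the reply and ipnat's first-match
evaluation order, so the effect of rule ordering can be checked offline.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, FrozenSet

# Constructed copy of the three rules from the reply (hypothetical interface fxp0).
IPNAT_CONF = """
# fxp0 - (external) connection to ISP, address 200.200.1.150/32
map fxp0 10.0.0.0/8 -> 200.200.1.150/32 proxy port ftp ftp/tcp
map fxp0 10.0.0.0/8 -> 200.200.1.150/32 portmap tcp/udp auto
map fxp0 10.0.0.0/8 -> 200.200.1.150/32
"""

SERVICE_PORTS = {"ftp": 21}  # only the service name the sample rules use


@dataclass
class MapRule:
    ifname: str                       # outbound interface the rule applies to
    src: ipaddress.IPv4Network        # internal source range to translate
    to: ipaddress.IPv4Network         # address the source is rewritten to
    kind: str                         # "proxy", "portmap" or "plain"
    protos: FrozenSet[str]            # protocols matched (empty = any)
    port: Optional[int]               # destination port for proxy rules
    portrange: Optional[str]          # "auto" or "lo:hi" for portmap rules


def parse_ipnat(text: str):
    """Parse the subset of ipnat.conf syntax used above, preserving rule order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        tok = line.split()
        if len(tok) < 5 or tok[0] != "map" or tok[3] != "->":
            raise ValueError(f"unsupported rule: {line}")
        ifname = tok[1]
        src = ipaddress.ip_network(tok[2])
        to = ipaddress.ip_network(tok[4])
        rest = tok[5:]
        if not rest:
            rules.append(MapRule(ifname, src, to, "plain", frozenset(), None, None))
        elif rest[:2] == ["proxy", "port"] and len(rest) == 4:
            # 'proxy port ftp ftp/tcp': <port> then <proxy name>/<protocol>
            _, proto = rest[3].split("/")
            rules.append(MapRule(ifname, src, to, "proxy", frozenset([proto]),
                                 SERVICE_PORTS[rest[2]], None))
        elif rest[0] == "portmap" and len(rest) == 3:
            protos = frozenset(rest[1].split("/"))
            rules.append(MapRule(ifname, src, to, "portmap", protos, None, rest[2]))
        else:
            raise ValueError(f"unsupported rule: {line}")
    return rules


def match_rule(rules, ifname: str, src: str, proto: str, dport: Optional[int] = None):
    """Return (index, rule) of the first rule that applies, or None.

    ipnat evaluates map rules top to bottom and uses the first match, so a
    packet is handled by the earliest rule whose interface, source range,
    protocol list and (for proxy rules) destination port all agree with it.
    """
    s = ipaddress.ip_address(src)
    for i, r in enumerate(rules):
        if r.ifname != ifname or s not in r.src:
            continue
        if r.protos and proto not in r.protos:
            continue
        if r.kind == "proxy" and dport != r.port:
            continue
        return i, r
    return None


if __name__ == "__main__":
    rules = parse_ipnat(IPNAT_CONF)
    for pkt in [("tcp", 21), ("tcp", 80), ("udp", 53), ("icmp", None)]:
        hit = match_rule(rules, "fxp0", "10.2.1.5", *pkt)
        print(pkt, "->", hit[1].kind if hit else "no NAT")
```

Running it shows outbound FTP control connections landing on the proxy rule, other TCP/UDP on the portmap rule, and ICMP on the plain map rule; swapping the first two rules sends FTP to portmap instead, which is the ordering mistake the three-rule layout avoids.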